What is eIDAS and how to prepare for it?
On July 1st 2016, the eIDAS Regulation went into effect, aiming to enable mutual recognition and acceptance of electronic identification schemes across EU borders. European Commission was dissatisfied with its predecessor, the E-signature Directive (1999). eIDAS was set out to give consistency to electronic signature regulations in the EU.
The regulation wants to ensure that secure electronic identification and authentication is possible for cross-border online services offered by Member States. The electronic signatures will have the same legal weight as their physical counterparts, but otherwise national laws will define the legal effect of these signatures.
How can businesses utilize eIDAS?
The regulation allows individuals and businesses across the European Union to take advantage of a new series of digital signatures, seals, time stamps, registered delivery, and website authentication across national borders. Businesses can utilize universal, secure digital signatures and authentication methods that can be used anywhere in the EU. Also, eIDAS provides a framework for businesses outside of the EU to conduct their business securely.
Inside Secure Strong Authentication end-to-end technology enables trusted electronic identification and authentication service providers – such as governments, banks, fixed and mobile operators – to implement strong authentication and authorization solutions.
Various types of electronic signatures
The Regulation defines three types of electronic signature – simple, advanced, and qualified. The vast majority of business and consumer transactions in the EU may be authenticated with a simple electronic signature. Nevertheless, some transactions – as a matter of national law – may require an advanced or qualified electronic signature.
A ‘simple’ electronic signature is the electronic equivalent of a written signature that a signatory can apply to a document to signify his acceptance or approval. (e.g. A typed name at the bottom of an email, the click of an ‘I accept’ button).
An ‘advanced electronic signature’ is a more secure form of electronic signature produced using encryption technology. It needs to fulfill certain requirements: a unique linking and capability of identifying the signatory, created using signature creation data (i.e a private encryption key), and linked to the signed data in such a way that any subsequent change in the data is detectable. An advanced electronic signature can be accepted by other member states.
A ‘qualified electronic signature’ provides the highest level of admissibility and legal effect in the EU. It is an ‘advanced electronic signature’ backed by a ‘qualified certificate’ issued by a trust service provider whose credentials appear in the EU Trusted List. A qualified electronic signature must be accepted by other member states.
Inside Secure Strong Authentication app SDK offers a secure software execution environment for electronic signatures, private key and certificate management. Inside Secure Strong Authentication provides tools for creating a superior end-user experience, as users can digitally authorize and sign transactions with a simple tap, swipe, PIN or biometrics.